Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,742
Maven
5,000+
npm
4,339
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,990 advisories

Loading
Pyrofork has a Path Traversal in download_media Method Moderate
CVE-2025-67720 was published for pyrofork (pip) Dec 10, 2025
yueyueL
Credited to yueyueL
Formio improperly authorized permission elevation through specially crafted request path High
CVE-2025-67718 was published for formio (npm) Dec 10, 2025
Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability High
CVE-2025-67641 was published for io.jenkins.plugins:coverage (Maven) Dec 10, 2025
Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability Moderate
CVE-2025-67643 was published for org.jenkinsci.plugins:pipeline-reporter-by-redpen (Maven) Dec 10, 2025
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials Moderate
CVE-2025-67642 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Dec 10, 2025
Algernon Cross-Site Scripting vulnerability Moderate
CVE-2025-65754 was published for github.com/xyproto/algernon (Go) Dec 10, 2025
Jenkins's build authorization token is stored and displayed in plain text Moderate
CVE-2025-67637 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins has a Denial of service vulnerability in HTTP-based CLI High
CVE-2025-67635 was published for org.jenkins-ci.main:cli (Maven) Dec 10, 2025
Jenkins is missing a permission check on password fields Moderate
CVE-2025-67636 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin Moderate
CVE-2025-67640 was published for org.jenkins-ci.plugins:git-client (Maven) Dec 10, 2025
Jenkins's build authorization token is stored and displayed in plain text Moderate
CVE-2025-67638 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality High
CVE-2025-34410 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Ibexa User Bundle is missing password change validation Critical
CVE-2025-67719 was published for ibexa/user (Composer) Dec 10, 2025
Zitadel Discloses the Total Number of Instance Users Moderate
CVE-2025-67717 was published for github.com/zitadel/zitadel (Go) Dec 10, 2025
IAM-marco livio-a
Credited to IAM-marco and livio-a
Miniflux has an Open Redirect via protocol-relative redirect_url Low
CVE-2025-67713 was published for miniflux.app/v2 (Go) Dec 10, 2025
satoki
Credited to satoki
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only) High
CVE-2025-66628 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 10, 2025
Sumitshah00
Credited to Sumitshah00
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection High
CVE-2025-66474 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Dec 10, 2025
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis High
CVE-2025-66473 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Dec 10, 2025
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr
Credited to 4rdr
Gogs vulnerable to a bypass of CVE-2024-55947 High
CVE-2025-8110 was published for gogs.io/gogs (Go) Dec 10, 2025
Apache Struts has a Denial of Service vulnerability High
CVE-2025-66675 was published for org.apache.struts:struts2-core (Maven) Dec 10, 2025
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions Low
CVE-2025-14082 was published for org.keycloak:keycloak-services (Maven) Dec 10, 2025
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-65513 was published for mcp-fetch-server (npm) Dec 10, 2025
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method High
CVE-2025-67644 was published for langgraph-checkpoint-sqlite (pip) Dec 10, 2025
VladimirEliTokarev yardenporat353
Credited to VladimirEliTokarev and yardenporat353
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database